Bulletin ID
Last updated on
Security Updates Available for Adobe Digital Editions | APSB23-04
|
|
Date Published |
Priority |
|---|---|---|
|
APSB23-04 |
April 11, 2023 |
3 |
Summary
Adobe has released a security update for Adobe Digital Editions. This update resolves one critical vulnerability that could result in arbitrary code execution.
Affected product versions
|
Product |
Version |
Platform |
|---|---|---|
|
Adobe Digital Editions |
4.5.11.187303 and earlier versions |
Windows |
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
|
Product |
Version |
Platform |
Priority |
Availability |
|---|---|---|---|---|
|
Adobe Digital Editions |
4.5.11.187658 |
Windows |
3 |
Note:
Vulnerability Details
|
Vulnerability Category |
Vulnerability Impact |
Severity |
CVSS base score |
CVE Numbers |
|
|---|---|---|---|---|---|
|
Out-of-bounds Write (CWE-787) |
Arbitrary code execution |
Critical |
7.8 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2023-21582 |
Acknowledgments
Adobe would like to thank the following security researchers for reporting these issues and for working with Adobe to help protect our customers.
- Michael DePlante (@izobashi) with Trend Micro Zero Day Initiative - CVE-2023-21582
Revisions
May 22, 2023: Solution Download Page revised.
For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com